<!doctype html>
<body>
  <h1>Content Security Policy header containing "frame-src {{GET[frame_src_policy]}}"</h1>
</body>
